HOW TO STOP p2p LIKE BITTORRENT WITH ASA 5520

rooland12
Level 1

Hi everyone,

We are using an ASA 5520. We have blocked ports 80 and 443 from Inside to any destination. Below that we have another rule which allows any to any for IP.

Can anyone help me with how to block BitTorrent downloads from the inside network? I can't block P2P ports since Skype is also using P2P.

Regards,

Rooland

3 Replies

sean_evershed
Level 7

See the following configuration guide, based on enabling HTTP inspection to block P2P traffic that uses HTTP tunneling.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c38a6.shtml

Please remember to rate all posts that are helpful.


Hi sean,

I don't want to block all P2P traffic, because if I do so IM will also get blocked. I want to know how to block BitTorrent downloading while other P2P applications like IM keep working.

Regards,

Rooland

Shrikant Sundaresh
Cisco Employee

Hi Rooland,

I am not sure if Skype also uses P2P within HTTP. So another way to configure this would be to drop the DNS requests sent for the torrent trackers.

hostname(config)# regex url1 "[t|T][r|R][a|A][c|C][k|K][e|E][r|R]"
hostname(config)# regex url2 "!some other common words in the trackers. ex: torrent!"

You would need to monitor a few torrent downloads to have a list of the latest trackers.
Also, if you have "torrent" in the regex, then some torrent websites (which have "torrent" in the URL) would themselves not open.


hostname(config)# class-map type inspect dns torrent_url_policy
hostname(config-cmap)# match domain-name regex url1
hostname(config-cmap)# match domain-name regex url2
hostname(config-cmap)# exit

hostname(config)# policy-map type inspect dns torrents_policy
hostname(config-pmap)# class torrent_url_policy
hostname(config-pmap-c)# drop
hostname(config-pmap)# parameters
hostname(config-pmap-p)# message-length maximum 512

hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# no inspect dns preset_dns_map
hostname(config-pmap-c)# inspect dns torrents_policy

This way, the trackers would never be resolved to their IP addresses, and thus the download would not start.

Hope this helps.

-Shrikant

P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.
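The following Python script is an added illustration, not part of Shrikant's answer or any Cisco tool: it simulates the DNS inspect class map above by applying the post's url1 pattern, plus a constructed url2 standing in for the post's placeholder (the word "torrent"), to a constructed list of queried names, and reports which queries the drop action would hit. It reproduces the collateral case the answer warns about (a site that merely contains "torrent" in its name is dropped), shows a tracker whose hostname does not contain "tracker" slipping through, and contrasts match-any with match-all evaluation: on the ASA, a class-map type inspect dns created without the match-any keyword defaults to match-all, so with two separate match domain-name lines a query would have to match both regexes before it is dropped.

```python
import re

# Regex objects as they would be defined on the ASA. url1 is the pattern from
# the post above; url2 is a constructed stand-in for the post's placeholder
# ("some other common words in the trackers"), here the word "torrent".
# Python's re accepts the ASA-style per-character classes such as [t|T]
# unchanged: the '|' inside a bracket is just one more literal character.
REGEX_OBJECTS = {
    "url1": r"[t|T][r|R][a|A][c|C][k|K][e|E][r|R]",
    "url2": r"[t|T][o|O][r|R][r|R][e|E][n|N][t|T]",   # constructed
}

# The regex names referenced by "match domain-name regex <name>" lines.
CLASS_MAP_MATCHES = ["url1", "url2"]


def domain_matches(name, regex_name):
    """One 'match domain-name regex' line: unanchored search over the queried name."""
    return re.search(REGEX_OBJECTS[regex_name], name) is not None


def dns_class_map_action(name, match_any=True):
    """Evaluate the inspect class map for a single queried domain name.

    Returns "drop" when the class map matches (the policy map's action for the
    class is 'drop') and "allow" otherwise. match_any=True gives "either regex"
    semantics; match_any=False requires every listed regex to match, which is
    how the ASA evaluates a class map created without the match-any keyword.
    """
    hits = [domain_matches(name, regex_name) for regex_name in CLASS_MAP_MATCHES]
    matched = any(hits) if match_any else all(hits)
    return "drop" if matched else "allow"


def simulate_dns_inspection(queries, match_any=True):
    """Run every queried name through the class map; return {name: action}."""
    return {query: dns_class_map_action(query, match_any) for query in queries}


# Constructed sample of DNS queries from the inside network (not real hosts).
SAMPLE_QUERIES = [
    "tracker.example-swarm.net",      # tracker hostname: dropped
    "TRACKER1.example-seeds.org",     # case variation still matches url1
    "announce.example-peers.com",     # tracker without "tracker" in its name: allowed
    "www.example-torrent-news.org",   # legitimate site containing "torrent": collateral drop
    "updates.example-vendor.com",     # ordinary traffic: allowed
]

if __name__ == "__main__":
    print("--- match-any semantics ---")
    for name, action in simulate_dns_inspection(SAMPLE_QUERIES).items():
        print(f"{action:5} {name}")
    print("--- match-all semantics (ASA default without match-any) ---")
    for name, action in simulate_dns_inspection(SAMPLE_QUERIES, match_any=False).items():
        print(f"{action:5} {name}")
```

Under match-all, none of the sample names is dropped, because no single name contains both "tracker" and "torrent"; that is the behaviour to check for with a few test lookups after applying the policy, and the reason to add match-any (or fold the patterns into one regex class-map) when the intent is "drop on either pattern".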